Support local journalism by subscribing today! Click Here to see our current offers.

On March 6, the Oregon Department of Human Services (DHS) uncovered a phishing incident that affected on staff member’s email.

DHS takes the privacy and confidentiality of employee and client information seriously. Established information technology security processes enabled the agency to detect and contain the incident quickly and stop the unauthorized access.

What happened?

A spear phishing email was sent to a DHS employee. The employee opened the phishing email and exposed their credentials to an outside entity. The agency cannot confirm that any client or employee’s personal information was copied or used inappropriately.

What DHS is doing about it

DHS is in the process of thoroughly reviewing the incident and the information involved. DHS plans to contract with an outside entity to clarify the number and identities of any individuals whose information was compromised, and the specific kinds of information involved. While there is no indication that any protected health information was copied or used inappropriately, DHS will notify any individuals whose information was compromised. DHS will provide identity theft protection services to potentially impacted employees and clients.

The security and confidentiality of private health information is critical to the Department of Human Services. While the department cannot confirm that any clients’ personal information was acquired from its email system or used inappropriately, it is notifying the public because information was accessible to an unauthorized person or persons.

Watch this discussion.Stop watching this discussion.

(0) comments

Welcome to the discussion.

1. Be Civil. No bullying, name calling, or insults.
2. Keep it Clean and Be Nice. Please avoid obscene, vulgar, lewd,
racist or sexually-oriented language.
3. Don't Threaten. Threats of harming another person will not
be tolerated.
4. Be Truthful. Don't knowingly lie about anyone or
anything.
5. Be Proactive. Let us know of abusive posts. Multiple reports
will take a comment offline.
6. Stay On Topic. Any comment that is not related to the original
post will be deleted.
7. Abuse of these rules will result in the thread being disabled,
comments denied, and/or user blocked.
8. PLEASE TURN OFF YOUR CAPS LOCK.